<?php

//connecting database
$host_name="localhost";
$user_name="root";
$pass_name="theshoppingbuzz";
$db_name="theshoppingbuzz";
@mysql_connect($host_name,$user_name,$pass_name) or die("couldnt connect database");
@mysql_select_db($db_name) or die("no database");
//echo "database connected";

//getting input answer
$id=$_POST['id'];
$old=sha1($_POST['old']);
$new=sha1($_POST['new']);
//echo "$new";
$query="SELECT email_id,password FROM users";
$result= mysql_query($query) or die(mysql_error());
$count=mysql_num_rows($result);
 
 //testing purpose;
 //echo "$count";

while($row = mysql_fetch_array($result))
{
   if( $row['email_id'] == $id)
	{
		if($row['password'] == $old)
		{
			mysql_query("UPDATE registration SET password = '$new'
			WHERE email_id = '$id'") or die("error in inserting");
			echo 'updated with new password try login now';
		}
		else
		{
			echo "password didnt match";
		}
			
	}
	
 }


?>